version 1.318, 2001/03/19 16:37:04 |
version 1.319, 2001/03/22 10:43:35 |
|
|
<ul> |
<ul> |
<a name=readline></a> |
<a name=readline></a> |
<li><font color=#009000><strong>024: SECURITY FIX: Mar 18, 2001</strong></font><br> |
<li><font color=#009000><strong>024: SECURITY FIX: Mar 18, 2001</strong></font><br> |
The readline library shipped with OpenBSD allows history files creation with |
The readline library shipped with OpenBSD allows history files creation |
a permissive umask. This can lead to the leakage of sensitive information |
with a permissive |
in applications that use passwords and the like during user interaction |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>. |
(one such application is mysql).<br> |
This can lead to the leakage of sensitive information in applications |
|
that use passwords and the like during user interaction (one such |
|
application is mysql).<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">A source code patch exists which remedies the problem.</a><br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch">A source code patch exists which remedies the problem.</a><br> |
<p> |
<p> |
<a name=ipsec_ah></a> |
<a name=ipsec_ah></a> |